Why Twitter Links Should Scare You
26% of Twitter messages contain links, half of which are from spammers and lead to malicious websites.

With only 140 characters per Twitter message, it makes sense to shorten URLs and leave characters to say what you have to say. But with shortened URLs you have no idea what your final web destination will be. A spreader of malware and malicious websites couldn't be happier!
Malicious Links in Abundance
Researchers at Kaspersky Lab have found that as many as one in every 500 links on Twitter leads to a site hosting malware. They have also discovered that about 26% of Twitter messages - tweets - contain links and about half of those are created by spammers and people with bad intentions.
The two most popular URLs that Kaspersky's Krab Krawler has found posted to Twitter so far passed through the system in September. Both directed users to online dating sites. One of the sites, getion.com, is known to have hosted malware in the past, Kaspersky Lab malware researcher Costin Raiu said.
What Twitter is Doing
So why isn't Twitter doing something to keep its users safe? Well, it is to an extent. In August Twitter started using a filtering system by Google to detect malicious URLs. The system checks the URLs against a blacklist and then either blocks the malicious URL from being posted or warns users to think before clicking on the link. However, the system only scans URLs that are shortened using the Bit.ly shortening service - the most commonly used on Twitter. Any links shortened using any of the over 200 other formats are not picked up by Twitter's filter.
Malicious URLs were discovered over a year ago, before Twitter gained its current level of popularity. Now, malware links regularly appear in "trending topics," where people often check to see what is the latest and greatest.
What You Can Do
- There are several companies that have developed more inclusive filters to sift through the shortened URLs on Twitter. Kaspersky has developed the Krab Krawler that currently examines 500,000 unique URLs a day. Of the URLs examined, 100 to 1,000 a day are sites hosting malware.
- AVG Technologies offers LinkScanner, a tool that scans and strips URLs of any malware that they may contain. Finjan Inc. has a tool, SecureTwitter, that sends out a warning message when a malicious URL is detected.
- You also have the option of expanding the shortened link before you click on it. The bit.ly blog has instructions on how to get the plug-in tool to expand bit.ly (and other) shortened URLs.
- Consider using stand-alone Twitter software such as TweetDeck. They will often provide filtering of their own and/or a preference item to expand shortened URLs before you click them.
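The sketch below is an added example, not code from Kaspersky, Twitter or any tool named above. It contrasts a filter that only scans bit.ly links with one that expands every shortened link and checks each hop against a blacklist. The redirect table, the blacklist and all `.example` hosts are constructed placeholders standing in for real HTTP redirects.

```python
from urllib.parse import urlsplit

# Constructed sample data: each entry stands in for an HTTP 301/302
# "Location" header that a HEAD request to the key would return.
REDIRECTS = {
    "http://bit.ly/aaa111": "http://news.example/story",
    "http://bit.ly/bbb222": "http://malware.example/landing",
    "http://short.example/ccc333": "http://malware.example/landing",
    "http://short.example/ddd444": "http://hop.example/eee555",  # chained shortener
    "http://hop.example/eee555": "http://malware.example/landing",
    "http://short.example/loop": "http://short.example/loop",    # redirect loop
}
BLACKLIST = {"malware.example"}  # constructed blacklist of hosts
MAX_HOPS = 5                     # assumed limit on redirect chain length


def host(url):
    """Lower-cased host name of a URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()


def expand(url, redirects=REDIRECTS, max_hops=MAX_HOPS):
    """Follow redirects one hop at a time without fetching page content.
    Returns the full chain, or None if it loops or exceeds max_hops."""
    chain = [url]
    while chain[-1] in redirects:
        nxt = redirects[chain[-1]]
        if nxt in chain or len(chain) > max_hops:
            return None
        chain.append(nxt)
    return chain


def check(url, scanned_hosts=None):
    """Verdict for a posted link. scanned_hosts limits which shorteners the
    filter looks at; None means every link is expanded and checked."""
    if scanned_hosts is not None and host(url) not in scanned_hosts:
        return "unscanned"       # the filter never sees this link
    chain = expand(url)
    if chain is None:
        return "warn"            # cannot determine the destination
    if any(host(hop) in BLACKLIST for hop in chain):
        return "block"           # some hop lands on a blacklisted host
    return "allow"


if __name__ == "__main__":
    for link in REDIRECTS:
        print(link, check(link, {"bit.ly"}), check(link))
```

Checking every hop, not just the final one, matters because a chained shortener can hide a blacklisted destination behind a second redirect.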
Video Interview with Kaspersky Lab Malware Researcher Costin Raiu
Read more at the Threat Level blog. Graph courtesy of Kaspersky Lab.




4 Comments
Anonymous
Hackers, that is. I like to hack in the good sense and it has never crossed my mind to steal from people.
There is a Firefox plug in that expands the Tiny URLs from Twitter before you click on them and lets you see where they are really sending you. You can also complement your protection by installing the WOT Plug in for Firefox which uses a rating system and if by some chance you click in one of those malicious links it will prevent you from opening them with a pop-up indicating the site has low or bad reputation.
On the other hand, Twitter is starting to bore me and I think it’s starting to be abused by merchants. Just tonight I went to Fuddruckers for dinner and they had a big sign, "Follow us on Twitter". Why? It's just a hamburger place.
Dave
I've never felt comfortable with them for the reasons stated in the article. I use a software client for Twitter and never click on a link until it's expanded first. Crazy world we live in. Who dreamed up 140 characters anyway? Glad you like the site. We try our best...
I had not thought of that, but it makes sense. Twitter would be a perfect vector for all kinds of web-spread malware because of the shortened links. Why do hackers always think of this stuff before we do?
Anyway, your blog is excellent. I was actually looking for information about identity theft, and you have it in spades! Bookmarked you.
Hope you don't mind if I drop a little link self-love to my own new blog. I'm kind of a newbie at this so I don't know all the rules. Somebody said it's good to comment on other blogs. Your readers might be interested in catching crooks and creeps who call you on the phone.